The invention relates generally to telecommunications access control systems and more particularly, to a system and method whereby a virtual private telephone network is autonomously constructed between at least two in-line devices.
Historically, government and business entities could be reasonably confident that their sensitive information communicated by telephone, fax, or modem was confidential, and that no one would monitor or eavesdrop on their plans and strategies. This is no longer true. In the past several years, information assets have become increasingly vulnerable to interception while in transit between the intended parties, as interception and penetration technologies have multiplied.
A wide range of communications, from those concerning military, government, and law enforcement actions, to contract negotiations, legal actions and personnel issues all require confidentiality, as do communications concerning new-product development, strategic planning, financial transactions or any competition-sensitive matter. They often require discussions over the telephone, faxes, videoconferences, data transmission and other electronic communication. As businesses depend on their communications systems more and more, those systems are delivering ever-greater volumes of information, much of it proprietary and extremely valuable to competitors.
It's not just business competitors that companies have to be concerned about. Risks are particularly high for businesses with operations outside the United States. Many nations are defining their national security as economic security, and they're putting their intelligence agencies into the business of industrial and economic espionage. Some foreign intelligence agencies actively and aggressively spy on businesses to collect technology and proprietary information.
The increasing prevalence of digital communications systems has led to the widespread use of digital encryption systems by governments and businesses concerned with communications security. These systems have taken several forms, from data Virtual Private Networks (VPN), to secure voice/data terminals.
Communications and computer systems move massive amounts of information quickly and routinely. With voice, fax, data and video to choose from, businesses are communicating in all these modes via the untrusted Public Switched Telephone Network (PSTN). Unfortunately, whereas a data VPN protects information traveling over the Internet, a data VPN is not designed to protect voice, fax, modem, and video calls over the untrusted PSTN.
While IP-based VPN technology is automated and widely available, solutions for creating safe tunnels through the PSTN are more manual, requiring user participation at both ends to make a call secure. Such is the case with the use of secure voice/data terminals, such as Secure Telephone Units (STU-IIIs), Secure Telephone Equipment (STE), and hand-held telephony encryption devices.
When used, secure voice/data terminals effectively protect sensitive voice and data calls. However, their design and typical deployment can be self-defeating. For example, to enter secure mode on a STU-III or STE device, both call parties must retrieve a physical encryption key from a safe storage location and insert it into their individual device each time a call is placed or received. Also, STU-III and STE devices are expensive, so they are typically located within a department or work center, but not at each work station. If a STU-III or STE call is not scheduled ahead of time, the caller may have to wait while the person they are calling is brought to the phone—with a key.
If the secure voice/data terminal is installed on an analog line, transmission speed and voice recognition quality are low. Slow speed may be tolerated for secure data transfer, but it can make secure voice communication difficult and frustrating. Good speed and voice quality are attainable on ISDN or T-1 lines, but replacement of analog lines is expensive and many organizations prefer to keep their existing equipment.
The inconvenience, frustration, and poor voice quality of using manually activated secure voice/data terminals can motivate individuals to "talk around" the sensitive material on non-secure phones. Although the confidential information is not directly spoken, these vague conversations can be pieced together to get a fair idea of the information that was supposed to be protected. Use of secure voice/data terminals for the communication of sensitive information can be mandated by policy, but there is no way to properly enforce such a requirement.
Additionally, secure voice/data terminals secure only one line per device. As point-to-point devices, secure voice/data terminals cannot protect the vast majority of calls occurring between users who do not have access to the equipment. And while there are policies that specifically prohibit it, sensitive material can be inadvertently discussed on non-secure phones and distributed across the untrusted PSTN.
Secure voice/data terminals cannot implement an enterprise-wide, multi-tiered policy-based enforcement of a corporate security policy establishing a basic security structure across an enterprise, dictated from the top of the tier downward. Neither can secure voice/data terminals implement an enterprise-wide, multi-tiered policy-based enforcement of selective event logging and consolidated reporting to be relayed up the tier.
Secure voice/data terminals cannot provide the capability of "live" viewing of all secure call actions performed by the device.
Lastly, secure voice/data terminals cannot provide call event logs, detailing secure calls. Therefore, a consolidated detailed and summary report cannot be produced for use by security personnel and management in assessing the organization's security posture.
Clearly, there is a need for a system and method to provide secure access across the untrusted PSTN through telephony resources that can be initiated by a security policy defining actions to be taken based upon at least one attribute of the call, providing multi-tiered policy-based enforcement capabilities and visibility into security events.
A system and method to provide secure access across the untrusted PSTN is described. The system and method utilizes telephony resources that can be initiated by a security policy defining actions to be taken based upon at least one attribute of the call, providing multi-tiered policy-based enforcement capabilities and visibility into security events.
Some advantages of the system and method are: it's completely operator-transparent; it's less expensive; it does not require static secret keys—creates a new key each session; it does not require manual keys; it's a secure transport of modem, fax, and voice; it's unaffected by transcoding; there is a separate message channel from the data so the message and data can be sent concurrently; there is automatic policy enforcement; the policy is implemented by call type; and it accommodates a multi-tier policy enforcement.